[PATCH] ip_conntrack_ftp segfault
Pablo Neira
pablo at eurodev.net
Tue Jan 4 11:35:09 CET 2005
nice catch, but read the comments below.
Nicolas Bouliane wrote:
> This patch fix two bugs (when DEBUGP is defined):
> o The var `data` doesn't exist, hence gcc complains.
> o It segfault because we print an integer with `%s`.
>
>------------------------------------------------------------------------
>
>--- /usr/src/old/linux-2.6.10/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-12-24 16:35:59.000000000 -0500
>+++ ip_conntrack_ftp.c 2005-01-03 14:09:06.000000000 -0500
>
>
this header must always look like, for example:
--- linux-2.6.10/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-10-20
10:12:06 +02:00
+++ linux-2.6.10-nicolas/net/ipv4/netfilter/ip_conntrack_ftp.c
2005-01-02 16:09:01 +01:00
>@@ -347,9 +347,8 @@
> goto out;
> }
>
>- DEBUGP("conntrack_ftp: match `%.*s' (%u bytes at %u)\n",
>- (int)matchlen, data + matchoff,
>- matchlen, ntohl(th->seq) + matchoff);
>+ DEBUGP("conntrack_ftp: match `%s' (%u bytes at %u)\n",
>+ search[i].pattern, matchlen, ntohl(th->seq) + matchoff);
>
>
Since this is a minor fix, try to modify as less things as you can. data
doesn't exist but look for its natural replacement which is fb_ptr.
Rusty punish me yesterday to read part (11) of
Documentation/SubmittingPatches in the kernel source tree :). So do it
you as well and add your sign-off.
Resend a patch which fixes the things above. After that, let wait to see
if Patrick wants to add this to his changeset 8).
--
Pablo
More information about the netfilter-devel
mailing list